[Snort-devel] MySQL logging performance and mysql.php3 corrections?

Hemsley, Trevor Trevor.Hemsley at ...1267...
Tue Apr 16 04:08:17 EDT 2002

Is anyone looking after the MySQL logging interface? I've been using it and
have found that to make mysql.php3 work with any degree of speed it is
necessary to add some indexes. Namely

alter table iphdr add index sid (sid);
alter table iphdr add index cid (cid);
alter table event add index cid (cid);

The first two reduced a 4 minute 10 second select on 20,000 records used by
mysql.php3 to produce the first HTML table to 3 minutes 15 seconds. The last
one reduced the 3 minutes to 0.43 seconds ;-)

I also have an updated version of mysql.php3 which actually produces some
output on Snort 1.8.6. Is anyone interested in taking this from me and
including it in the distribution?

Trevor Hemsley,
Security Specialist,
Atos Origin Ltd,

[This electronic transmission and any files attached to it are strictly
confidential and intended solely for the addressee.   If you are not the
intended addressee, you must not disclose, copy or take any action in
reliance of this transmission.  If you have received this transmission in
error, please notify us by return and delete the same.  The views expressed
in this electronic transmission do not necessarily reflect those of Atos
Origin or any of its subsidiary companies. Although the sender endeavours to
maintain a computer virus free network, the sender does not warrant that
this transmission is virus-free and will not be liable for any damages
resulting from any virus transmitted.  Thank You.] 

More information about the Snort-devel mailing list